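Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/u014401141/article/details/82817857
I created a test Java project, spring-boot-log, and started it: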
java -jar spring-boot-log.jar
The project writes its logs to /home/alen/application/logs/spring-boot-log-info.log
Start Logstash:
bin/logstash -f hello.conf
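Using codecs (the name abbreviates the two words Coder/Decoder)
Codec: decodes and encodes data formats
Benefit: makes it easier to use Logstash with operations products that support custom data formats
Logstash's more detailed processing flow: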
input->decode->filter->encode->output
hello.conf
input {
  # Read log entries from a file and send them to the console
  file {
    path => "/home/alen/application/logs/spring-boot-log-info.log"
    #codec => "json" ## read the log as JSON
    type => "elasticsearch"
    start_position => "beginning"
  }
}
# filter {
#
# }
output {
  # Standard output
  # stdout {}
  # Format the output; the rubydebug codec uses a Ruby library to print each event
  stdout { codec => rubydebug }
}
Send a request to the project.
Logstash prints:
{
"host" => "localhost.localdomain",
"@timestamp" => 2018-09-22T13:23:23.946Z,
"@version" => "1",
"message" => "2018-09-22 21:23:22.539 [http-nio-8070-exec-5] INFO com.alen.log.controller.HelloController - 打印日志",
"path" => "/home/alen/application/logs/spring-boot-log-info.log",
"type" => "elasticsearch"
}
Using filters
Example
Splitting with the mutate plugin: enter any string delimited by |, for example "123|000|ttter|sdfds*=123|dfwe"
Configuration 2: test_filter.conf
input {
  # Read log entries from a file and send them to the console
  file {
    path => "/home/alen/application/logs/spring-boot-log-info.log"
    #codec => "json" ## read the log as JSON
    type => "elasticsearch"
    start_position => "beginning"
  }
}
filter {
  mutate {
    split => ["message", "|"]
  }
}
output {
  # Standard output
  # stdout {}
  # Format the output; the rubydebug codec uses a Ruby library to print each event
  stdout { codec => rubydebug }
}
Start Logstash:
bin/logstash -f test_filter.conf
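In the printed result, message is split on "|" into an array (the sample log line below contains no "|", so the array has a single element):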
{
"path" => "/home/alen/application/logs/spring-boot-log-info.log",
"message" => [
[0] "2018-09-22 21:45:08.853 [http-nio-8070-exec-2] INFO com.alen.log.controller.HelloController - 打印日志"
],
"host" => "localhost.localdomain",
"@version" => "1",
"@timestamp" => 2018-09-22T13:45:17.204Z,
"type" => "elasticsearch"
}
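The decode and filter stages described above, as a simplified Ruby model (an added example, not code from the original post or from Logstash; the function names decode, mutate_split and run_pipeline are hypothetical). It shows why the log line above stays a one-element array, and what enabling the commented-out json codec does to a plain-text line: the event keeps the raw text and is tagged _jsonparsefailure.

```ruby
require "json"
require "time"

# Decode stage: turn one raw input line into an event (a Hash in this model).
# Models the default "plain" codec and, in simplified form, the "json" codec.
def decode(line, codec: "plain")
  event = { "@version" => "1", "@timestamp" => Time.now.utc.iso8601(3) }
  if codec == "json"
    begin
      parsed = JSON.parse(line)
      # Simplification: only a JSON object is accepted as an event here.
      raise JSON::ParserError, "not an object" unless parsed.is_a?(Hash)
      return event.merge(parsed)
    rescue JSON::ParserError
      # On a parse failure the raw text is kept and the event is tagged.
      event["tags"] = ["_jsonparsefailure"]
    end
  end
  event.merge("message" => line)
end

# Filter stage: model of mutate { split => ["message", "|"] }.
# "|" is treated as a literal separator, not a regular expression.
def mutate_split(event, field, sep)
  value = event[field]
  event[field] = value.split(sep) if value.is_a?(String)
  event
end

# input -> decode -> filter for one line; an output codec such as
# rubydebug would then encode the returned event for printing.
def run_pipeline(line, codec: "plain")
  mutate_split(decode(line, codec: codec), "message", "|")
end

# Constructed inputs: the pipe-delimited string and a log line from this page.
PIPE_LINE = "123|000|ttter|sdfds*=123|dfwe"
LOG_LINE  = "2018-09-22 21:45:08.853 [http-nio-8070-exec-2] INFO " \
            "com.alen.log.controller.HelloController - 打印日志"

if __FILE__ == $0
  [PIPE_LINE, LOG_LINE].each { |l| p run_pipeline(l)["message"] }
  p run_pipeline(LOG_LINE, codec: "json")["tags"]
end
```

When the tag appears in real events, the codec setting does not match the log format, and downstream filters are operating on unparsed text.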